How can free people grapple with growing threats to their privacy and liberty? A computer-security guru’s view of the surveillance dystopia worries Becky Hogge
The entry for “tin-foil hat” in Wikipedia includes the definition “a popular stereotype and term of derision; the phrase serves as a byword for paranoia and is associated with conspiracy theorists”. Tin-foil hats (or beanies), are sported by the apocryphal “tin-foil beanie brigade” – a posited group of paranoid individuals who believe that such headgear will prevent their minds from being captured by anything from agents of a malevolent state to tribes of aliens.
It was with some surprise and amusement, therefore, that I opened a parcel from a respected American media and telecommunications advocacy group last year to find a tin-foil protector for my passport. Its purpose? To prevent rogue radio frequency identification (RFID) readers from capturing my personal details in busy airports.
As technology advances, perceived threats to individual liberties shift. Last week, I attended the seventh Social Study of Information Communications Technology (ICT) workshop at the London School of Economics. Themed “Identity in the Information Society: Security, Privacy, the Future,” the program featured a keynote speech by the American cryptologist and computer security guru Bruce Schneier. His talk furnished me with both answers and questions. The path of technological development and its effects on privacy and personal freedoms had been laid out clearly. How a free society might mitigate against the challenges brought by such a path, however, had never been more unclear.
The surveillance dystopia
Schneier’s premise was simple: “Data is the pollution of the information society.” As computers become more and more involved in our daily activities, from buying a coffee, to traveling on public transport, to borrowing a book from our local library or going to a movie or a play, we leave behind transaction records. Whether they are receipts for credit-card purchases or records of where we have traveled – collected via the use of electronic tickets like London’s “Oyster” card or through cameras that recognize car number-plates – these transaction trails provide data about us that is often linked to semi-unique identifiers, such as our name and address. This data is becoming cheaper and cheaper to store, to the extent that storage costs will soon approach zero. This pollution of detail about our patterns of living is not often within our control; instead, it is owned by corporate or bureaucratic entities. And it has the power to say a lot about our daily lives.
In his speech, Schneier took his audience through the different kinds of routine surveillance with which a modern western citizen might expect to come into contact. Closed-circuit television (CCTV) is the form most commonly experienced, especially in Britain, which has the world’s highest ratio of CCTV cameras to people. But Schneier also mentioned audio surveillance, including telephone tapping, aerial surveillance – in the form of manned or unmanned helicopters – and internet surveillance, as well as the new opportunities afforded by mobile phones, GPS tracking systems and RFID tags.
On top of this, identification-based surveillance systems abound. They include automatic facial recognition systems (as used by the London borough of Newham in its CCTV system), vehicle license-plate capture, identity cards, identity codes hard-wired into high-end consumer electronics and store loyalty cards, which allow customers special discounts in exchange for information about what they buy.
Privacy is a human right. Without the ability to hide from the world, to choose when our actions are public and when they are private, we lose something of what it means to be human. But in a world where data about almost everything we do can be stored indefinitely, how can anything be private?
Schneier led his audience deeper into the surveillance dystopia than I had ever cared to travel. Storing everything you typed on your computer for a year would take 100 megabytes (MB) of disk space. Throw in every file you ever sent for an extra four to eight gigabytes (GB). Five GB of compressed audio would capture every telephone conversation you had in a year. Two-hundred GB of audio, or 700 GB of audio-visual material, and you could have a “life recorder” for a year – a record of everything you said or did, captured by a tiny digital recorder sewn into the lapel of your jacket.
Such musings on total surveillance aside, the question of how society must change to deal with existing technical realities is a pressing one. There are several approaches. “Digital natives” – teenagers who have grown up in the age of ubiquitous networked communications and who share intimate details of their lives on sites such as MySpace – seem to believe that any real data, or “signal”, will be obscured by so much noise. But how much further do automatic pattern-recognition algorithms need to develop to make this strategy unviable? Then there’s the geek philosophy of the Panopticon, which sees state, corporation and citizen in a mode of total disclosure, with any challenges overridden by opportunities for open government and true corporate social responsibility. But as Schneier observes, the presumption that total disclosure on behalf of the state and corporations, as well as citizens, is any type of remedy ignores the initial power imbalance between the institution and the individual.
Schneier’s own remedy – the rule of law – was convincing up to a point. As an American citizen, he admires Europeans their data-protection legislation, which sets strict criteria for data handling and forbids a set of data collected for one purpose from being used for another. But what might work in theory doesn’t always hold in practice, as controversies in late 2006 over the right of British citizens to opt out of having their medical records transferred to a centralised National Health Service database demonstrate.
One week on from the workshop, some of that cold, paranoid feeling has left me, but questions still persist. Surely, in the face of such potential intrusions on privacy, some sort of cultural shift is needed? Yet it seems that people make poor decisions about their privacy all the time: for the price of a small percentage off their car-insurance premiums, people will sign up to having details of every journey they make logged; for a few pounds off their weekly shop, they will tell a supermarket chain everything they buy in a year. At the same time, the threat of terrorism persuades us to sign away privacy safeguards. Now is a unique moment in the history of surveillance. The cameras are still big enough that we can see them. So why don’t we care more?
But the sands seem to be shifting. The United Kingdom, according to the Surveillance Studies Network, is “the most surveilled country” of the industrialised western nations. In March 2007, Jack Straw, the leader of the House of Commons, announced an imminent inquiry into Britain’s surveillance society by the Commons home affairs committee. Reports indicate that the inquiry will cover CCTV, identity cards and the rapidly mushrooming police DNA database. And the Royal Academy of Engineering just released, on 27 March, a report urging the government to plan future technology projects and adapt current ones in order to ensure that the country did not become “Big Brother Britain”.
In terms of my own personal fears, the timing couldn’t be better. In fact, it appears too good. Could they be reading my mind already?